update

emdee 2024-02-02 15:58:07 +00:00
parent 01b183d7a7
commit 371fe2ac94
3 changed files with 16 additions and 0 deletions

@ -136,4 +136,6 @@ Details:
* https://community.torproject.org/onion-services/setup/ * https://community.torproject.org/onion-services/setup/
* https://community.torproject.org/onion-services/ * https://community.torproject.org/onion-services/
* https://www.wired.com/story/tor-browser-russia-blocks/ * https://www.wired.com/story/tor-browser-russia-blocks/
* https://blog.torproject.org/tor-censorship-in-russia/
* https://nusenu.medium.com/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac * https://nusenu.medium.com/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
* https://lists.torproject.org/pipermail/tor-talk/2022-January/045803.html

@ -343,3 +343,6 @@ the changes to the clients are not large:
Also we would want the Python script to keep profiles within a Persona in sync. Also we would want the Python script to keep profiles within a Persona in sync.
We need to resolve the questions about having the same groups Personae. We need to resolve the questions about having the same groups Personae.
This is also a security issue as without a keyring and user acceptance of a displayname, there is always a risk of impersonation in NGC groups:
https://github.com/JFreegman/toxic/issues/622

@ -0,0 +1,11 @@
# Tox Handshake Vulnerable to KCI
[Redesign of Tox%27 Cryptographic Handshake](https://gist.github.com/goldroom/54c3a06f153e98538558e67406968344)
In 2017, Jason A. Donenfeld, known for WireGuard, reported an issue in
Tox' handshake.
* https://github.com/TokTok/c-toxcore/issues/426
* https://gist.github.com/goldroom/54c3a06f153e98538558e67406968344
* https://nlnet.nl/project/Noise-Tox/